Merge pull request #44 from fsr/vaultwarden

vaultwarden: init module
Rouven Seifert 2023-07-12 15:59:50 +02:00 committed by GitHub
commit d7c3fe4342
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 48 additions and 3 deletions


@ -43,6 +43,7 @@
./modules/matrix.nix
./modules/mautrix-telegram.nix
./modules/sogo.nix
./modules/vaultwarden.nix
./modules/course-management.nix
{
fsr.enable_office_bloat = false;

43
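--- a/modules/vaultwarden.nix
+++ b/modules/vaultwarden.nix
@@ -0,0 +1,43 @@
+{ config, ... }:
+let
+domain = "vault.${config.fsr.domain}";
+in
+{
+sops.secrets."vaultwarden_env".owner = "vaultwarden";
+services.vaultwarden = {
+enable = true;
+dbBackend = "postgresql";
+environmentFile = config.sops.secrets."vaultwarden_env".path;
+config = {
+domain = "https://${domain}";
+signupsAllowed = false;
+# somehow this works
+databaseUrl = "postgresql://vaultwarden@%2Frun%2Fpostgresql/vaultwarden";
+rocketPort = 8000;
+smtpHost = "127.0.0.1";
+smtpPort = 25;
+smtpSSL = false;
+smtpFrom = "noreply@${config.fsr.domain}";
+smtpFromName = "iFSR Vaultwarden";
+};
+};
+services.postgresql = {
+enable = true;
+ensureUsers = [
+{
+name = "vaultwarden";
+ensurePermissions = {
+"DATABASE vaultwarden" = "ALL PRIVILEGES";
+};
+}
+];
+ensureDatabases = [ "vaultwarden" ];
+};
+services.nginx.virtualHosts."${domain}" = {
+enableACME = true;
+forceSSL = true;
+locations."/" = {
+proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.rocketPort}";
+};
+};
+}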
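Review bot: `services.vaultwarden.config` sets `rocketPort = 8000` but no `rocketAddress`, so the bind address is left to whatever default applies. Setting `config` explicitly presumably replaces any module-level default, in which case Vaultwarden falls back to listening on all interfaces. That would leave the plain-HTTP backend reachable beside the nginx TLS vhost unless the host firewall blocks port 8000. Adding `rocketAddress = "127.0.0.1";` next to `rocketPort` keeps the backend loopback-only and matches the `proxyPass` target. The `# somehow this works` comment above `databaseUrl` could instead say why it works, e.g. `# %2Frun%2Fpostgresql is the URL-encoded socket directory; no password in the URL, presumably relying on local peer auth`.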


@ -14,9 +14,10 @@ rspamd-password: ENC[AES256_GCM,data:bOW6eAwr18Guq+BQt68It6O6i3aAthDv1ANZ02Q8zAZ
mediawiki:
postgres: ENC[AES256_GCM,data:XRfUc2PRMJcoILAnm5MWr2Cg5u4e/IhGMUnz/oIQSzY=,iv:8U+qlD1SQzxUyD/6QK4SdwRCDyMODK/lP0IDrLlcQ4U=,tag:2spNMj9dY2wWilOusq24yQ==,type:str]
initial_admin: ENC[AES256_GCM,data:iET5rz9rygx49NDBjKwqAlRgpeS+jq5iM5zmjnoKcyk=,iv:11iDbCrpzjCdyAB22R8NknJ6vzcpVZXCXB3iWsGWXw0=,tag:1RCyg1ysOWaXKdqqdHqRrw==,type:str]
ldapprovider: ENC[AES256_GCM,data:CPsrWmUviUpFIVVN/2a1lRjJCoZCWR9zrHm3T5Tv/YuXSYXStZGfBgXN96zhJUUpZcwiJq95o1sajyit+6itZCcGAPu0BTHSnNXRu1fgifonXE0ghw6rvzwkYpfBS+rfmBcG2wxX+7uZG3ulANYpvvGMxpKgM5IzQjE1sAytRDir6QeMGcFHP2gV4xQAdTNUZK2V+EKOlrcV5vTSzDSy3eXg18TVUgZqdxaQFfwnr2UN0eEEZ4Dn83G3QWsROZ0A7R3tuEmdAzmR8AdWBxfqCcOA8vZaOIOWb1AyobLCUaqQOj/SbGdgehMOQn1UcbRHpYQ2E9mvxD572uc/U5kzy/TbOLM34pkvckNrGfxwvqwbvXZrVP3gONY5CnJpk5XfVdT5Au/uwE5ZRs83ZEx31+85mpK3HecyBWRfWID0z2XS8PAU6G7ASQsXCh6sd5LFhL7zhxBQ4ENjT8pDi0OLYvw9VzPhPrdzooULeMytGitVWRtLsSzCn/D+U4x6EJLivLW6jv9SAIKg54fAjNEBYHh7GuHbr/VGtmiWKj6av2e3/BLgPOIyINzNv+X5QSsopZ2/yamPs+ARTOqAZvSyRgqereYoLZ5ZV15jIWiGc7HVfj/+Bk7cN4+VwFhzSuttp1DmvNNIWueeX69rdSqe41Y2lqKZ4ajOSIJ+YLP/dR0wvrVbd7QSP2OVRAnMugmeekbIuyIKPNsNJ183Z4y1m/ihIdRAzLnjSYuYCdWw3LXl5gM0ZTtGb7K+cIYcyJrS3fcaErDmqyI/LJoXNTo5CJI=,iv:ycKt8/awCo3HoO6Oa8H77GH9+m+xgR4kiXb7Cbf0wSY=,tag:b6pBoZs+E4CP+V9oZXrcoQ==,type:str]
ldapprovider: ENC[AES256_GCM,data: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,iv:n2XOs6F7kuMmjPCc14s2MQl37vjVTtmAVkYQp7kqjgc=,tag:vBOfDoOjnoBzzSdwC7yDDA==,type:str]
postfix_ldap_aliases: ENC[AES256_GCM,data:kpffdciWI08Of2fm2B1lZ4rOYIhWtoBTnpU1N0iwiStA81Yl/NMDgHDCVv79XY6SuFTCBd6npKNz/0ibBy1WDSrDQymV5MIUmWVPwLcBSNMjD0d69PJYdUDVLmyhNkjB2hEL9JaH1PiO4iBM5y9yZx1LT+zlauAZEJPFgO/MvjkMknHZPKnRpBtT8wKTWTYUtBvzQtlACLKdIF0t37Q2DZAMtWrAgsrH811zUbsxJbYDInvNDPDHZHS+ZfF0Q1vXDLWUm+zZij6KRAJdOuEU9dyzhU/t93+LO9zKADwyF1Xk+2Uh,iv:cEui6fcDDINpUUcLZxGwPBMP1PjQVNMdScgaWdnIJ80=,tag:/7/mZckPJ7YLuJMp/BqbOQ==,type:str]
mautrix-telegram_env: ENC[AES256_GCM,data:2p5vYV+/vEDrrZItTcT1vxddv2tM7dLGBUmG+OXHccTzJ2UhyYpDGgUMr5KgObxvyssYBZTsvbV7QFN3sjcU/jVPx1qEUn6zyKO0HBQjrviVU3urx5zNOnCEHwDKyDrZ1Hu/CE6lpGNrtGlpewgOs/+84JZIZhC9qSuzDhN38sr4OGfMr29fMzafYC+TGHoZyA64GI9xz0KvXhwg6ci1hLtVWYEOFW2Nf8uLY8qkNLuDzA6bYx8rn3CEXoxiv0n4,iv:jmcWTyVkqu9nDc1ws2NxkMKrHPZ13i3jqDkk4Y0kejw=,tag:BjhmPc4lSbsZBmZ/q2CqGg==,type:str]
vaultwarden_env: ENC[AES256_GCM,data:X8wdQSieXfgNUqtoFRgz43jsWyrUQ1wxsM9L5iHoE8YFR5O6SzfAcjMsr4I0r2t5by/C4YorVsN5GQKyyVWS4SwelTT3UmFX89/pAUnAsUqeBZENOPEWiLNJnC3R3Xic6B1tu0OsX1X9RxR/X9EQJf/MIEdiNfhXKBxy7gZ0tDsDyze5/ZGVJX8=,iv:foByTYQw1KnB1MmwSQqmwza9PJJmdYdZbIHKrZ9vog4=,tag:8VTcOSefWmyd8ozGXHbklw==,type:str]
course-management:
secret-key: ENC[AES256_GCM,data:3WwhgZ+ElLOdEgdy/EoOL1vqkcXfnOnUZMKUsD9rd7I=,iv:eMo7HeOkSPGpCbLMi/6XoD4MXd27OageRsz70lyXNf0=,tag:u3H9BSv+7lasnBl29l8o3Q==,type:str]
adminpass: ENC[AES256_GCM,data:WUDsz3S88y590oStJinwukT8hJ+0dJ9/To1pDUWEN6o=,iv:5VSZohH2l/RNTNaWqMd9Y0JlSs7Cg1TRbeTR+OKhedA=,tag:LagNEUEKhNXIRKNwjmizbQ==,type:str]
@ -35,8 +36,8 @@ sops:
NEJBTHE2end1RDlHRTNFYlZjTjhib2cKmQRHpBKZ2DbQ5CfOwcSPfZAm9fnnpxUk
+LcR8haK//O3N2uNf9etDW3VsT5ipPucCdFU1m/v9L5tcN6ZP8WP+w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-11T22:22:39Z"
mac: ENC[AES256_GCM,data:5H6TIgrD0hTICCzo+nOlwbF1wjtFNiLYcW3QBkzQpFPgz3VwHV436kHnu6ns3IJIzpMdxEHDFxN6xKaYBtwiAdHwZLrP05H3443/jr6+z0EseQ0IG2Jq6bbhro1z1W+/165xKV6AYMxulQ1d4CyMD1/u1hqoVtd5KXUNJdJwSDw=,iv:OlFokFfHGMBy2aTB73kPf2TohuOkCT6mdBelvLaEOCQ=,tag:JUyj7wjBY3HUw9Nug/Iqgg==,type:str]
lastmodified: "2023-07-12T13:54:25Z"
mac: ENC[AES256_GCM,data:RM7WaIdA96ou62K5/oCqa74+F6PmYqRfOgNwdH5oDULwCj8ZLkn9VUVKuLWLbxbg5BqDJLDqquzelHJfftekSfwIqbpKSFrXpUKmic108OxE311t52Wu4wE4ieFii5c32A+E5Iu8/EbW95xQBZwKG24aZEJz9GvIdRShzF478h0=,iv:zHx2CL5Malq5cWPEqy2PZA9pkOWPBpRPAVnldlAzN60=,tag:RQo0BD/0vHnS2tH+ODIUZw==,type:str]
pgp:
- created_at: "2023-04-23T17:48:54Z"
enc: |